OPS 5666 integrate sshd users into present users (#2)

* move chart into named chart folder and rename sc-sshd to infra-sshd for generelization * Change GHA to run on tag push and use specified tag as image-tag, * Add a kics scan on every push * change suggested namespace from service to sshd-service
dBildungsplattform · Feb 6, 2024 · 1ebe0fd · 1ebe0fd
1 parent b3bda8c
commit 1ebe0fd
Show file tree

Hide file tree

Showing 10 changed files with 52 additions and 25 deletions.
diff --git a/.github/workflows/chart-release-manual.yml b/.github/workflows/chart-release-manual.yml
@@ -1,19 +1,12 @@
-name: Push Charts to helm-charts-registry manually with specified version
+name: Push Charts to helm-charts-registry
 
 on:
-  workflow_dispatch:
-    inputs:
-      chart_version:
-        type: string
-        description: "Chart version"
-        required: true
-      image_tag:
-        type: string
-        description: "image tag"
-        required: true
+  push:
+    tags:
+      - "[0-9]+.[0-9]+.[0-9]+"
 
 concurrency:
-  group: infra-sshd-chart-manual
+  group: infra-sshd-chart
   cancel-in-progress: true
 
 jobs:
@@ -26,8 +19,5 @@ jobs:
     uses: dBildungsplattform/dbp-github-workflows/.github/workflows/[email protected]
     secrets: inherit
     with:
+      chart_path: .
       chart_name: infra-sshd
-      helm_chart_version_generation: specified 
-      image_tag_generation: specified 
-      helm_chart_version: ${{ inputs.chart_version }}
-      image_tag: ${{ inputs.image_tag }}
diff --git a/.github/workflows/scan-helm-on-push.yml b/.github/workflows/scan-helm-on-push.yml
@@ -0,0 +1,14 @@
+name: "Scan Helm on push"
+
+on:
+  push:
+
+concurrency:
+  group: infra-sshd-scan-helm-${{ github.event.ref }}
+  cancel-in-progress: true
+
+jobs:
+  scan_helm:
+    uses: dBildungsplattform/dbp-github-workflows/.github/workflows/[email protected]
+    permissions:
+      contents: read
diff --git a/infra-sshd/.helmignore b/infra-sshd/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/Chart.yaml → infra-sshd/Chart.yaml b/Chart.yaml → infra-sshd/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-name: sc-sshd
+name: infra-sshd
 description: A Helm chart for Kubernetes
 
 # A chart can be either an 'application' or a 'library' chart.
@@ -15,9 +15,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.1
+version: 0.1.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 1.0.0
+appVersion: 1.0.1
diff --git a/README.md → infra-sshd/README.md b/README.md → infra-sshd/README.md
@@ -1,9 +1,9 @@
-# SSHD
+# INFRA-SSHD
 A bastion host (also jump server or jump service) is usually set up as a single entrypoint into a privat system. In IONOS' case, a SSH daemon grants access to a DMZ which contains PostgreSQL and MongoDB databases.
 
 ## TL;DR;
 ```
-$ helm upgrade sc-sshd ./sc-sshd --install --create-namespace -n sc-service
+$ helm upgrade infra-sshd ./infra-sshd --install --create-namespace -n sshd-service
 ```
 
 ## Introduction
@@ -20,12 +20,12 @@ This chart can be installed in two flavors:
 ## Installing the chart
 Prior to installing, please update the authorized keys file. This file is used to create a configmap which eventually tells the daemon which keys to grant access. Currently, only a "support" user is configured in the image. For scalability reasons, authorized key files are separated by users, e.g. user support: support_authorized_keys.
 ```
-$ helm upgrade sc-sshd ./sc-sshd --install --create-namespace -n sc-service
+$ helm upgrade infra-sshd ./infra-sshd --install --create-namespace -n sshd-service
 ```
 
 ## Uninstalling the chart
 ```
-$ helm -n sc-service delete sc-sshd
+$ helm -n sshd-service delete infra-sshd
 ```
 
 ## Parameters
@@ -36,7 +36,7 @@ These parameters can be set:
 | replicaCount       | Count of pods that will be created as part of the deployment    | 1               |
 | image.repository   | Repository the image will be pulled from                        | schulcloud/infra-sshd |
 | image.tag          | Image tag which will be used                                    | stable          |
-| ingress.standalone | Specifies whether SSHD is deployed behind HAProxy or standalone | false           |
+| ingress.standalone | Specifies whether INFRA-SSHD is deployed behind HAProxy or standalone | false           |
 
 ## Authorized keys
 Currently supported users and key files:

diff --git a/templates/additional-configmap.yaml → ...-sshd/templates/additional-configmap.yaml b/templates/additional-configmap.yaml → ...-sshd/templates/additional-configmap.yaml
diff --git a/templates/configmap.yaml → infra-sshd/templates/configmap.yaml b/templates/configmap.yaml → infra-sshd/templates/configmap.yaml
diff --git a/templates/deployment.yaml → infra-sshd/templates/deployment.yaml b/templates/deployment.yaml → infra-sshd/templates/deployment.yaml
diff --git a/templates/service.yaml → infra-sshd/templates/service.yaml b/templates/service.yaml → infra-sshd/templates/service.yaml
diff --git a/values.yaml → infra-sshd/values.yaml b/values.yaml → infra-sshd/values.yaml
@@ -1,4 +1,4 @@
-# Default values for sc-sshd.
+# Default values for infra-sshd.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.